About Better.com:

We’re one of the fastest growing homeownership companies in America. Why? Because we’re making homeownership simpler, faster — and most importantly, more accessible for all Americans.

By combining smarter technology with a desire to not just change one piece of the journey but the entire makeup of what it’s like to buy and own a home in this country, we’re building things that don’t exist yet. 

Better.com by the numbers: 

• We fund $600 million in home loans per month
• Nearly $5 billion in loans funded since our inception in 2016
• 2 years running, we’re one of Crain’s “Best Places to work”
• We’re #11 on Fortune’s Best Places to Work in NYC
• And #964 on Inc.’s 2019 “5000 Fastest-Growing Companies” 
• We’ve secured over $254 million from our investors to date 
• ...and counting

We continue to outpace the industry at every turn. Our backers have helped build some of the most transformative tech and finance companies in history. Kleiner Perkins, Goldman Sachs, IA Ventures, Ally Bank, American Express, Citigroup, Activant Capital, and others have all invested in our vision of redefining the entire homebuying journey.

A Better opportunity:

Better is looking to hire an Application and Product Security Engineer to join our security team. You will be responsible for securing custom built applications and infrastructure working in partnership with product engineering teams.

Responsibilities will include:

• Coordinate our bug bounty program, verifying exploits and crafting remediation plans
• Evangelize and educate other engineers on secure coding and development practices
• Work with engineers to develop a secure SDLC lifecycle that includes threat modeling and vulnerability assessments
• Assess application and infrastructure architectures and provide recommendations and guidance on how to further secure systems from a practical viewpoint
• Develop and document security policies, ensuring they stay up to date
• Work with our SOC and Compliance team on third party audits and compliance reviews
• Develop automations for enforcement of security policies during the build and deployment process of our systems
• Assess and patch vulnerable packages and systems across our ecosystem
• Implement, configure and manage our log management systems, EDR, IDS/IDPs and Firewalls in partnership with networking, SOC and IT teams

About you:

• You have 4+ years of experience specifically within security engineering (Compliance heavy industries preferred but not required)
• Strong experience with source code review from a security perspective, specifically within NodeJS and Python
• Experience of scripting languages such as Python, Bash etc
• Ability to write security tests and automations in Node and Python
• A strong understanding of the fundamentals of web applications and infrastructure
• Understanding of AWS hosted environments
• Familiarity with databases and security best practices – specifically SQL databases (Postgres preferred)
• Understanding and ability to deploy and manage security tooling that underpins our SOC Team (SIEMs, monitoring agents, log collectors etc)
• Security certifications preferred but not required (OSCP, CCSP, CEH etc).
• Ability to participate in on call rotations

Things we value: 

• Curiosity. Why? How? Repeat.
• Nerdiness. Financial news and trends are fascinating. Seriously.
• Relentlessness. No one here gives up. We try. We fail. We try again.
• Passion. If you don’t get excited about homeownership, mortgages, and real estate, it simply won’t work.
• Smarts: book and street. We have to use all the tools at our disposal to build Better.
• Empathy and Compassion. You understand that people's biggest dreams are in your hands.
• Communication. Can you ask for help or put your hand up when you don’t understand?
• Building. Doing. Making. Yes, we have to do a lot of thinking and talking to figure this stuff out, but you can’t wait to leave the conversation and build it.